TL;DR RabbitMQ has patched two critical flaws that allow authentication bypass. One breaks TLS client-certificate checks. The...
Authentication Bypass
VMware Avi Load Balancer Authentication Bypass (CVE-2026-47865, CVSS 9.8) Headlines Seven-Flaw Patch
VMware Avi Load Balancer Authentication Bypass (CVE-2026-47865, CVSS 9.8) Headlines Seven-Flaw Patch
TL;DR Broadcom has patched seven vulnerabilities in VMware Avi Load Balancer under advisory VMSA-2026-0005. The most serious,...
TL;DR Apache IoTDB has patched three flaws in its time-series database. The worst is a critical path...
TL;DR The Apache Camel project patched four high-severity flaws across five components. Three Apache Camel vulnerabilities let...
TL;DR A researcher disclosed a Kafka authentication bypass in the OAUTHBEARER login path. It affects Apache Kafka...
TL;DR Apache APISIX 3.16.0 shipped a JWT algorithm confusion bug in its jwt-auth plugin. The flaw, tracked...
TL;DR Signal 11 disclosed a NetComm authentication bypass tracked as CVE-2026-35019. The flaw scores 9.2 on CVSS...
TL;DR JetBrains fixed three security flaws across Hub, YouTrack, and GoLand. The worst is a JetBrains authentication...
TL;DR The Apache Tomcat project disclosed seven vulnerabilities on 29 June 2026. The most serious Apache Tomcat...
TL;DR WSO2 patched seven vulnerabilities across its API platform, including WSO2 API Manager, in June 2026. The...
On 29 June 2026, CISA added CVE-2026-48558 to its Known Exploited Vulnerabilities catalog. The flaw is a...
TL;DR The Python Software Foundation fixed a python.org authentication bypass on February 24, 2026. The flaw sat...
TL;DR IBM disclosed two critical flaws in Langflow OSS, the open-source AI workflow builder. One is a...
Two critical Gitea security flaws currently threaten self-hosted development environments. These severe vulnerabilities allow remote attackers to...
TL;DR Webmin released version 2.641 to fix three Webmin vulnerabilities. The most serious one lets an unauthenticated...
A one-line bug that survived 27 years Researchers at Argus have publicly disclosed an OpenBSD authentication bypass...
Critical bug exposes LiteLLM management routes A newly disclosed LiteLLM authentication bypass could let unauthenticated attackers...
Rockwell Automation has disclosed two security advisories that reveal several Rockwell Automation vulnerabilities across its industrial product...
A critical Apache Shiro LDAP Injection vulnerability has recently emerged. Specifically, security researchers identified a severe...
A critical Cloud Foundry UAA vulnerability has emerged, and it lets attackers slip past SAML logins entirely....
A critical phpBB authentication bypass is putting countless online communities at risk right now. The flaw, tracked...
Recently, a maximum-severity flaw emerged in the remote management software landscape. Cybersecurity researchers found a critical SimpleHelp...